AAA Authentication
Recall that AAA stands for Authentication, Authorization, and Accounting. Authentication is the process of verifying a user's identity to determine whether the user should be allowed access to a device. Authorization is the act of limiting or permitting access to certain features within the device once a user has been authenticated. Accounting is the recording of actions taken by the user once she has been authenticated and authorized. In this section, I will cover only authentication, as it is the most commonly used feature offered by AAA.
To use AAA authentication on an IOS switch or router, you must perform the following steps:
1. Enable AAA by entering the aaa new-model command.
2. Configure security server information, if you're using a security server. This step includes configuring TACACS+ and RADIUS information.
3. Create method lists by using the aaa authentication command.
4. Apply the method lists to interfaces or lines as needed.
In NX-OS, the commands are similar, but there is no aaa new-model command.
Enabling AAA
To use the AAA features discussed here, you'll need to issue the command aaa new-model:
Router(config)#aaa new-model
If you don't execute this command, the AAA commands discussed in this section will not be available. This step is not necessary in NX-OS.
Warning
Be careful when configuring AAA for the first time. You can easily lock yourself out of the router by enabling AAA authentication without configuring any users.
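The following pre-change check is an added example, not code from the book: a short Python function that scans IOS-style configuration text for the lockout condition in the warning above, along with gaps between the four steps. The function name audit_aaa and both sample configurations are constructed for illustration, and the server-only and undefined-list checks go beyond what the warning itself states.

```python
import re

# Constructed sample configurations (not from the book); all values are placeholders.
RISKY = """\
aaa new-model
tacacs-server host 192.0.2.10
aaa authentication login default group tacacs+ local
aaa authentication login SERVERONLY group tacacs+
line con 0
 login authentication CONSOLE
line vty 0 4
 login authentication default
"""
SAFER = """\
aaa new-model
username admin secret EXAMPLE-ONLY
tacacs-server host 192.0.2.10
aaa authentication login default group tacacs+ local
line con 0
 login authentication default
line vty 0 4
 login authentication default
"""

def audit_aaa(config):
    """Return lockout risks found in an IOS-style configuration text."""
    lines = config.splitlines()
    lists = {}  # method-list name -> methods, e.g. ["group tacacs+", "local"]
    for line in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", line)
        if m:
            lists[m.group(1)] = re.findall(r"group \S+|\S+", m.group(2))
    findings = []
    if lists and "aaa new-model" not in lines:
        findings.append("aaa new-model is missing")
    has_user = any(l.startswith("username ") for l in lines)
    for name, methods in lists.items():
        # The warning's case: a local method with no local users to match.
        if any(m in ("local", "local-case") for m in methods) and not has_user:
            findings.append(f"{name}: local method but no username configured")
        # Added check: nothing to fall back on if every server is unreachable.
        if all(m.startswith("group ") for m in methods):
            findings.append(f"{name}: server groups only, no fallback method")
    for line in lines:
        # Added check: step 4 applied a list that step 3 never created.
        m = re.match(r"\s+login authentication (\S+)", line)
        if m and m.group(1) not in lists:
            findings.append(f"{m.group(1)}: applied to a line but never created")
    return findings
```

Run it against the candidate configuration before pasting it into a device; an empty list means none of these three conditions were found, not that the configuration is otherwise correct.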
Configuring Security Server Information ...
Get Network Warrior, 2nd Edition now with the O’Reilly learning platform.